6

I want to build a macOS app that filters specific network requests so I need to add the NetworkExtensions capability. But after I add a NetworkExtensions capability, I get the following message:

Your development team, "Potato Dev2", does not support the Network Extensions capability.

Image of where the above message is from: https://i.stack.imgur.com/H46gE.png

From Apple's documentation on "Adding Capabilities to Your App":

The platform, and whether you're a member of the Apple Developer Program, may limit the capabilities available to your app

The documentation doesn't explicitly say which capabilities require being a part of the Apple Developer Program. I also don't see why I'd need to be a part of the Apple Developer Program to write software on and for my own computer. Note that, at least to my knowledge, the NetworkExtensions capability does not depend on any service from Apple (as opposed to HealthKit or Game Center).

So is there a way to add a Network Extensions capability to a macOS app without joining the Apple Developer Program?

potato-dev2
  • 77
  • 6

2 Answers2

4

You should be able to do it if you disable system integrity protection (SIP) on your Mac (csrutil disable in the Terminal in the macOS Recovery Environment), and disable amfid's entitlements check by adding amfi_get_out_of_my_way=1 to the kernel's command line arguments. (Again in the recovery environment, nvram boot-args='amfi_get_out_of_my_way=1')

You will need to bypass Xcode when code signing and use the codesign command directly because Xcode performs the provisioning profile entitlements check, as you noticed. codesign itself does not perform this check.

This works for basically allowing just about anything to do with DriverKit system extensions, so I'd expect it to work with Network System Extensions as well.

pmdj
  • 22,018
  • 3
  • 52
  • 103
  • Hi @pmdj, could you please elaborate on the steps to use Network Extension in iOS without joining Apple's developer program? I just want to write an app for myself only. In Xcode, I tick `App Proxy` in the Network Extension panel in `Signing & Capabilities` page, but there's an error saying `Personal development teams, including "neevek", do not support the Network Extensions capability.`. How to use the `codesign` from the command line? and what is `amfid`? – neevek Sep 04 '22 at 09:23
  • @neevek The original question was about macOS; the situation is different on iOS. There is no way to disable system integrity protection (SIP) on iOS, so as far as I'm aware there is no workaround. – pmdj Sep 04 '22 at 18:10
0

I figured out the answer to my question: to write macOS software that uses the NetworkExtension APIs, you must be a member of the Apple Developer Program ($100/year). See https://developer.apple.com/support/app-capabilities/ for details.

potato-dev2
  • 77
  • 6